We're now seeing a fiercely concentrated Blackhat SEO campaign exploiting the McAfee False Positive (FP) problem. Juraj Malcho, our Head of Lab in Bratislava, reports that in a Google search like the one I've screendumped above, he got three malicious hits in the top ten (the same ones captured here: of course, the malicious domain

Thanks to Marcin Gajewski for pointing out that Lech Kaczynski was the President of Poland, not the Prime Minister. I really shouldn't try to blog after a full day's travelling :( While I was enjoying a rare few days off, my colleagues at ESET Latin America were posting a blog article about the ugly way in

Our colleagues in ESET Latin-America have reported that a huge new malware distribution campaign is being carried out through the popular social network Facebook. In this instance, it is our old friend the Koobface worm that is being propagated. (For more about Koobface see Randy's post here, and for more about this particular iteration, see

Round here, we're more than a little concerned about fake/rogue antivirus (and other fake security software). It's an ugly form of ransomware that hurts its victims in many ways. It scares them by threatening dire consequences and damage from malware that doesn't exist (except in the sense that the fake AV is itself malware), in

Update: more resources I picked up on a security list just now (I'm drowning in email here!) Apologies for any duplication. Update 2: more additions below. @imaguid pointed out in a microblog that there's a pattern to the use of social engineering around disasters like the Haiti earthquake: "first comes the tragedy, then malware purveyors exploiting the

It won’t come as a surprise to regular readers of this blog that there’s a lot of fake/rogue anti-malware about. (see http://www.eset.com/threat-center/blog/category/fake-anti-malware-fake-software). However, a report released at RSA Europe goes some way towards quantifying that threat, and has created something of a stir in the media. That’s to be expected: journalists tend to love facts and figures. Anti-malware

(1) Websense, our neighbour in San Diego, has reported a fake anti-malware scam centred on Labor Day social engineering. The scam uses malicious SEO (Search Engine Optimization) techniques, sometimes referred to as index hijacking or SEO poisoning, to misdirect potential victims. When the victim uses Google to search for Labor Day sales (apparently these are very

Cristian Borghello, Technical and Education Manager at ESET Latin America, tells us that they’ve noted quite a few sites that pretend to provide information on the fire crisis in Athens, Greece, but actually download malware onto the user’s PC. (Mistakes in translation are down to DH!) The criminals are using Black Hat SEO (Search Engine

Sebastián Bortnik, Security Analyst at ESET Latin America, has shared with me his translation of an FAQ written with Cristian Borghello, ESET Latin America's Technical and Educational Manager, about the malware ESET NOD32 detects as Win32/Induc.A. I've done a little cosmetic editing on the original and added quite a lot of material (so any mistakes and

A number of new papers have been added to the white papers page: Cristian Borghello’s "Playing Dirty" is a translation of his original Spanish paper, available on the ESET Latin America web site, and describes in detail how criminals make money out of stealing online gaming credentials and assets. http://www.eset.com/download/whitepapers/EsetWP-PlayingDirty20090812.pdf My paper "Social Security Numbers:

The estimable Graham Cluley drew my attention in his blog to the fact that this is National Zombie Awareness Week in Australia. A zombie is security geekspeak for a PC that has been infected by a bot or agent, so that it’s added to a network of compromised machines (a botnet) under the control of